Hi,
Application name is a property in the fields list of the Kibana dashboard viewlet. Suppose I need to display logs which contain the application name in the log message; what query do I need to use in the dashboard?
Thanks,
Nagesh.
Hi Nagesh, I'm not sure I understood your question correctly. Are you trying to display logs that contain a specific application name in the log message?
Yes, you are correct.
At the top of the Dashboard page there is a search bar. Initially it will contain the value * in it. You can change this to <your application field name>: "<the application name you want to search for>" and hit enter. That should narrow down the results on your dashboard to just that application.
Hi Nagesh,
If your field name, for example, is _type and a value in that field is apache, you can put this in the Discover search bar: _type:apache.
If you need to search for documents that contain a substring in a field, you can use something like this: links:*twitter* so that it finds things like www.twitter.com.
Thanks,
Lee
P.S. Never mind, I see you're asking about Dashboard, not Discover.
Thank you very much Lee.
Hi Lee,
I have the field application in my dashboard viewlet, so I have defined the query application : testApp to view the logs. It is not displaying logs related to testApp. Can you tell me what is wrong?
Thanks,
Nagesh.
Hi Nagesh,
I just found out that I wasn't getting email notifications on these discuss topics. Did you resolve your issue?
If not, is application your field name which has values of testApp?
Regards,
Lee
Post-mortem linking related Kibana info with following quoted KQL search info
- Exact phrase query:
 http.response.body:"quick brown fox"
- Terms query:
 http.response.status_code:400 401 404
- Boolean query:
 response:200 or extension:php
- Range query:
 account_number >= 100 and items_sold <= 200
- Wildcard query:
 machine.os:win*
These can be used on your Dashboards and in Discover